EP3660714A3 - Évaluations de sécurité centralisées de scripts dans des environnements de réseau - Google Patents

Évaluations de sécurité centralisées de scripts dans des environnements de réseau Download PDF

Info

Publication number
EP3660714A3
EP3660714A3 EP20159761.4A EP20159761A EP3660714A3 EP 3660714 A3 EP3660714 A3 EP 3660714A3 EP 20159761 A EP20159761 A EP 20159761A EP 3660714 A3 EP3660714 A3 EP 3660714A3
Authority
EP
European Patent Office
Prior art keywords
script
centralized
execution resource
scripts
behalf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20159761.4A
Other languages
German (de)
English (en)
Other versions
EP3660714A2 (fr
Inventor
Asaf Hecht
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cyberark Software Ltd
Original Assignee
Cyberark Software Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cyberark Software Ltd filed Critical Cyberark Software Ltd
Publication of EP3660714A2 publication Critical patent/EP3660714A2/fr
Publication of EP3660714A3 publication Critical patent/EP3660714A3/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP20159761.4A 2020-01-28 2020-02-27 Évaluations de sécurité centralisées de scripts dans des environnements de réseau Pending EP3660714A3 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US16/774,277 US11233805B2 (en) 2020-01-28 2020-01-28 Centralized security assessments of scripts in network environments

Publications (2)

Publication Number Publication Date
EP3660714A2 EP3660714A2 (fr) 2020-06-03
EP3660714A3 true EP3660714A3 (fr) 2020-09-16

Family

ID=69742744

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20159761.4A Pending EP3660714A3 (fr) 2020-01-28 2020-02-27 Évaluations de sécurité centralisées de scripts dans des environnements de réseau

Country Status (2)

Country Link
US (1) US11233805B2 (fr)
EP (1) EP3660714A3 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11550903B1 (en) * 2019-04-26 2023-01-10 Joseph Alan Epstein System and method for trustworthiness, reputation, provenance, and measurement of software
US11232198B2 (en) 2020-01-28 2022-01-25 Cyberark Software Ltd. Dynamic visualization of scripts based on centralized security assessments
US11539705B2 (en) * 2020-02-14 2022-12-27 The Toronto-Dominion Bank Systems and methods for controlling third-party access of protected data
EP3930279B1 (fr) * 2020-06-23 2023-02-15 Robocorp Technologies, Inc. Gestion sécurisée d'un environnement d'automatisation de processus robotique
US20220141658A1 (en) * 2020-11-05 2022-05-05 Visa International Service Association One-time wireless authentication of an internet-of-things device
US11550569B2 (en) * 2021-05-14 2023-01-10 Cyberark Software Ltd. Discovering and remediating hidden secrets in code files

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110219448A1 (en) * 2010-03-04 2011-09-08 Mcafee, Inc. Systems and methods for risk rating and pro-actively detecting malicious online ads
WO2015026971A2 (fr) * 2013-08-20 2015-02-26 Shanklin Steven Dale Service de sécurité de listage sécurisé d'application
EP2975534A1 (fr) * 2014-07-14 2016-01-20 X and Me Technology AG Procédé et dispositif de navigation sécurisée
US20160180086A1 (en) * 2014-12-19 2016-06-23 Kaspersky Lab Zao System and method for secure execution of script files

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8931084B1 (en) * 2008-09-11 2015-01-06 Google Inc. Methods and systems for scripting defense
US8732830B2 (en) * 2009-05-28 2014-05-20 Adobe Systems Incorporated Scripting engine externalized function execution control
US9208065B1 (en) * 2014-05-14 2015-12-08 International Business Machines Corporation Correlating out-of-band process data during mobile test automation
RU2622627C2 (ru) * 2015-09-30 2017-06-16 Акционерное общество "Лаборатория Касперского" Способ обнаружения вредоносных исполняемых файлов, содержащих интерпретатор, посредством комбинирования эмуляторов
WO2017109129A1 (fr) * 2015-12-24 2017-06-29 British Telecommunications Public Limited Company Sécurité logicielle
US10230749B1 (en) 2016-02-29 2019-03-12 Palo Alto Networks, Inc. Automatically grouping malware based on artifacts
US10733238B2 (en) * 2016-05-06 2020-08-04 Amazon Technologies, Inc. Script manager for distributed systems
US10855725B2 (en) 2016-06-02 2020-12-01 Microsoft Technology Licensing, Llc Hardware-based virtualized security isolation
US10178093B2 (en) * 2016-08-12 2019-01-08 Sears Brands, L.L.C. Systems and methods for online fraud detection
US10579796B1 (en) * 2016-12-02 2020-03-03 United Services Automobile Association (Usaa) Systems and methods of detecting malicious powershell scripts
US10719311B2 (en) * 2017-09-08 2020-07-21 Accenture Global Solutions Limited Function library build architecture for serverless execution frameworks
US10678917B1 (en) * 2017-11-29 2020-06-09 NortonLifeLock Inc. Systems and methods for evaluating unfamiliar executables
KR102456579B1 (ko) * 2017-12-07 2022-10-20 삼성전자주식회사 암호화 관련 취약점 공격에 강인한 전자 장치 및 그 방법
US11095670B2 (en) * 2018-07-09 2021-08-17 Cisco Technology, Inc. Hierarchical activation of scripts for detecting a security threat to a network using a programmable data plane
US10599834B1 (en) * 2019-05-10 2020-03-24 Clean.io, Inc. Detecting malicious code existing in internet advertisements
US10599635B1 (en) * 2019-07-26 2020-03-24 Capital One Services, Llc Control systems with independent data processing
US11232198B2 (en) 2020-01-28 2022-01-25 Cyberark Software Ltd. Dynamic visualization of scripts based on centralized security assessments

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110219448A1 (en) * 2010-03-04 2011-09-08 Mcafee, Inc. Systems and methods for risk rating and pro-actively detecting malicious online ads
WO2015026971A2 (fr) * 2013-08-20 2015-02-26 Shanklin Steven Dale Service de sécurité de listage sécurisé d'application
EP2975534A1 (fr) * 2014-07-14 2016-01-20 X and Me Technology AG Procédé et dispositif de navigation sécurisée
US20160180086A1 (en) * 2014-12-19 2016-06-23 Kaspersky Lab Zao System and method for secure execution of script files

Also Published As

Publication number Publication date
US11233805B2 (en) 2022-01-25
US20210234875A1 (en) 2021-07-29
EP3660714A2 (fr) 2020-06-03

Similar Documents

Publication Publication Date Title
EP3660714A3 (fr) Évaluations de sécurité centralisées de scripts dans des environnements de réseau
US9940177B2 (en) Traffic control method and system
US7702783B2 (en) Intelligent performance monitoring of a clustered environment
US9916224B2 (en) Integrating quality analysis with a code review tool
SG10201901079UA (en) Method of and server for detecting associated web resources
US8943196B2 (en) Programmatically determining an execution mode for a request dispatch utilizing historic metrics
US7530072B1 (en) Method to segregate suspicious threads in a hosted environment to prevent CPU resource exhaustion from hung threads
DE602004018501D1 (de) Verfahren, das es einer multitasking-datenverarbeiren
KR101589649B1 (ko) 대량의 악성 코드 분석 시스템 및 방법
EP4239484A3 (fr) Collecte d'échantillons de manière hiérarchique dans un centre de données
CN113037594B (zh) 基于云服务的压力测试方法和装置
EP1526454A3 (fr) Identification d'application pour des produits logiciels
KR20190019067A (ko) 정보 유출 검출 방법 및 장치, 서버 및 컴퓨터 판독가능 저장 매체
CN105224464A (zh) 一种并行自动化测试方法
US10007495B2 (en) Code generation method for scheduling processors using hook function and exception handling function
EP2403288A3 (fr) Système et procédé permettant de déterminer les terminaux de communication couramment utilisés et d'identifier les entités bruyantes dans une analyse de lien à grande échelle
EP3779874A3 (fr) Système et procédé d'évaluation automatisée de surface
US20080216083A1 (en) Managing memory resources in a shared memory system
CN114510358A (zh) 漏洞扫描方法、装置及分布式漏洞扫描系统
EP1437659A3 (fr) Système et procédé de gestion de cycle de vie d' un serveur d'applications
US20140379934A1 (en) Managing a network connection for use by a plurality of application program processes
Wu et al. A distributed workflow management system with case study of real-life scientific applications on grids
EP1736897A3 (fr) Méthode et système pour l'attribution d'appartenance utilisant le langage des scripts
US10235264B2 (en) Method and system for monitoring health of a virtual environment
GB2462752A (en) Dynamic SLA Negotiation

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/53 20130101AFI20200812BHEP

Ipc: G06F 21/51 20130101ALI20200812BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210316

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20230525

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230607